Incident Response

Effective threat assessment, forensic investigation and incident response.

Constantly evolving hacker tactics mean today’s Incident Response handlers must hunt for unknown or anomalous signs of breach that go beyond malware, without relying on ineffective signatures, traditional Indicators of Compromise (IOCs) or a well-defined starting point.

How can Secrutiny help?

When anomalous activity is identified, Secrutiny can provide remote and on-site investigation within hours of engagement to significantly reduce the impact of an incident on your organisation.

A two-phased approach is used: the first phase broadly examines the network as a whole to identify a much smaller set of ‘hosts of interest’, which are analysed more deeply in the second phase.

Secrutiny Incident Response Services Diagram

Phase One

The first phase consists of the collection of information from across the entire estate, which is baselined and analysed for usage patterns, statistical anomalies, user behaviour, and vulnerabilities to determine the scope of the incident and identify ‘hosts of interest’.

Phase Two

The ‘hosts of interest’ are examined in greater detail to determine misuse and the risk this threat poses to the organisation.

Step 1: Identify the use of each ‘host of interest’ and its criticality to the business.

Step 2: Utilise a forensically sound collection tool to gather relevant artefacts.

Step 3: Analyse the collected artefacts to create “the story behind the compromise and its activity”.

As new data and insights are learned, the investigation may expand to additional systems of interest and iterate through the process again. This continues until the full extent of the threat has been discovered and examined.

Once the analysis has been completed, the results are presented to the customer as a report for review, together with the associated evidence and recommended remedial actions.